package jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

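public class JDBCDemo7 {
    /**
     * Demonstrates that a {@link PreparedStatement} binds caller-supplied values as
     * data rather than as SQL text. The second pair of parameters contains a
     * string that would alter the query if it were concatenated into the SQL;
     * bound with {@code setString} it is compared literally against the
     * {@code password} column and cannot change the statement's structure.
     *
     * <p>The connection, statement and result set are all opened in
     * try-with-resources so each is closed on every exit path, including when
     * {@code executeQuery} throws.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Only '?' placeholders appear in the SQL text; every value is bound separately.
        String sql = "SELECT id,username,password,nickname " +
                "FROM user " +
                "WHERE username=? AND password=?";
        try (Connection connection = DBUtil.getConnection();
             PreparedStatement ps = connection.prepareStatement(sql)) {
            ps.setString(1, "张三");
            ps.setString(2, "123456");

            // Binding a slot again replaces its earlier value; the quote-laden
            // password below is still a plain string to the driver, not SQL.
            ps.setString(1, "李四");
            ps.setString(2, "1' OR '1='1");
            try (ResultSet rs = ps.executeQuery()) {
                // Demo only: a real login compares a salted password hash, never
                // a plaintext password stored in the table.
                if (rs.next()) {
                    System.out.println("登录成功!");
                } else {
                    System.out.println("登录失败!");
                }
            }
        } catch (SQLException e) {
            // Demo-level handling: surface the failure with its full cause on stderr.
            e.printStackTrace();
        }
    }
}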
